McAfee virus update wreaks havoc


Antivirus update quarantines or deletes

McAfee on Friday was forced to publish an update to its virus pattern database after the previous version mistakenly flagged system files as malware.

The error caused several versions of McAfee's anti-virus software to quarantine or delete system files, depending on the software's configuration. Affected applications included Microsoft Excel, Google Toolbar Installer, Macromedia Flash Player and Windows XP.

McAfee has published a full list of files that were incorrectly flagged (PDF download). The error spanned all operating systems from Linux to OS X and Windows.

"Users who have moved detected files to quarantine should restore them to their original location. Windows users who have had files deleted should restore files from backup or use System Restore," McAfee said in an advisory.

According to the SANS Internet Storm Center, the bad signature files were available for several hours. A user had to run a virus scan for the problem to rear its head.

While users who have the software quarantine infected files should have relatively little trouble restoring the files, the snafu can still cause considerable damage, noted Daniel Wesemann, a volunteer with the SANS Internet Storm Center.

"Things like this can get messy pretty quickly if the anti-virus scanner starts to quarantine vital components of your environment."

In a similar case last month, antivirus firm Sophos wrongly claimed that files on Mac computers running OS X were infected with the Inqtana-B worm. The software in some cases reported over 1,000 infections.

One user reported that the Sophos mix-up caused the software to delete over 1,200 files from his system and that he was forced to completely re-install his system.